
Adding role API tests & fixing browse

refs #3083, refs #3196
This commit is contained in:
Hannah Wolfe 2014-07-24 23:22:27 +01:00
parent e7dc51dc66
commit 7714dc6ab1
3 changed files with 133 additions and 11 deletions


@ -59,19 +59,16 @@ Role = ghostBookshelf.Model.extend({
}, errors.logAndThrowError);
}
switch (loadedPermissions.user) {
case 'Owner':
case 'Administrator':
if (action === 'assign' && loadedPermissions.user) {
if (_.any(loadedPermissions.user.roles, { 'name': 'Owner' }) ||
_.any(loadedPermissions.user.roles, { 'name': 'Administrator' })) {
checkAgainst = ['Administrator', 'Editor', 'Author'];
break;
case 'Editor':
checkAgainst = ['Editor', 'Author'];
}
} else if (_.any(loadedPermissions.user.roles, { 'name': 'Editor' })) {
checkAgainst = ['Author'];
}
// If we have a role passed into here
if (roleModelOrId && !_.contains(checkAgainst, roleModelOrId.get('name'))) {
// Role not in the list of permissible roles
hasUserPermission = false;
// Role in the list of permissible roles
hasUserPermission = roleModelOrId && _.contains(checkAgainst, roleModelOrId.get('name'));
}
if (hasUserPermission && hasAppPermission) {
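Review bot: The assignment at L38, `hasUserPermission = roleModelOrId && _.contains(checkAgainst, roleModelOrId.get('name'));`, stores the raw `roleModelOrId` value when it is falsy instead of a boolean, and the parameter name suggests a bare id can also reach this line, where `.get('name')` would throw; if ids are resolved to models earlier in permissible (the function starts and ends outside this hunk) a comment stating that would help, otherwise use `hasUserPermission = !!roleModelOrId && _.contains(checkAgainst, roleModelOrId.get('name'));` together with an id guard. The lists at L25 and L31 deliberately omit 'Owner', so ownership can never be granted through this path; that is the security-relevant invariant and deserves an explicit comment such as `// 'Owner' is intentionally absent from every checkAgainst list: ownership is never assignable here.` For a user matching neither branch (e.g. an Author) `checkAgainst` keeps whatever value it was given outside the hunk, so the deny-by-default relies on `_.contains` returning false for that initial value rather than on an explicit empty list.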


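--- /dev/null
+++ b/PATH_NOT_ON_PAGE
@@ -0,0 +1,124 @@
+/*globals describe, before, beforeEach, afterEach, it */
+/*jshint expr:true*/
+var testUtils = require('../../utils'),
+should = require('should'),
+_ = require('lodash'),
+// Stuff we are testing
+RoleAPI = require('../../../server/api/roles'),
+context = testUtils.context;
+describe('Roles API', function () {
+// Keep the DB clean
+before(testUtils.teardown);
+afterEach(testUtils.teardown);
+beforeEach(testUtils.setup('users:roles', 'perms:role', 'perms:init'));
+describe('Browse', function () {
+function checkBrowseResponse(response) {
+should.exist(response);
+testUtils.API.checkResponse(response, 'roles');
+should.exist(response.roles);
+response.roles.should.have.length(4);
+testUtils.API.checkResponse(response.roles[0], 'role');
+testUtils.API.checkResponse(response.roles[1], 'role');
+testUtils.API.checkResponse(response.roles[2], 'role');
+testUtils.API.checkResponse(response.roles[3], 'role');
+}
+it('Owner can browse', function (done) {
+RoleAPI.browse(context.owner).then(function (response) {
+checkBrowseResponse(response);
+done();
+}).catch(done);
+});
+it('Admin can browse', function (done) {
+RoleAPI.browse(context.admin).then(function (response) {
+checkBrowseResponse(response);
+done();
+}).catch(done);
+});
+it('Editor can browse', function (done) {
+RoleAPI.browse(context.editor).then(function (response) {
+checkBrowseResponse(response);
+done();
+}).catch(done);
+});
+it('Author can browse', function (done) {
+RoleAPI.browse(context.author).then(function (response) {
+checkBrowseResponse(response);
+done();
+}).catch(done);
+});
+it('No-auth CANNOT browse', function (done) {
+RoleAPI.browse().then(function () {
+done(new Error('Browse roles is not denied without authentication.'));
+}, function () {
+done();
+}).catch(done);
+});
+});
+describe('Browse permissions=assign', function () {
+function checkBrowseResponse(response) {
+should.exist(response);
+should.exist(response.roles);
+testUtils.API.checkResponse(response, 'roles');
+response.roles.should.have.length(3);
+testUtils.API.checkResponse(response.roles[0], 'role');
+testUtils.API.checkResponse(response.roles[1], 'role');
+testUtils.API.checkResponse(response.roles[2], 'role');
+response.roles[0].name.should.equal('Administrator');
+response.roles[1].name.should.equal('Editor');
+response.roles[2].name.should.equal('Author');
+}
+it('Owner can assign all', function (done) {
+RoleAPI.browse(_.extend(context.owner, {permissions: 'assign'})).then(function (response) {
+checkBrowseResponse(response);
+done();
+}).catch(done);
+});
+it('Admin can assign all', function (done) {
+RoleAPI.browse(_.extend(context.admin, {permissions: 'assign'})).then(function (response) {
+checkBrowseResponse(response);
+done();
+}).catch(done);
+});
+it('Editor can assign Author', function (done) {
+RoleAPI.browse(_.extend(context.editor, {permissions: 'assign'})).then(function (response) {
+should.exist(response);
+should.exist(response.roles);
+testUtils.API.checkResponse(response, 'roles');
+response.roles.should.have.length(1);
+testUtils.API.checkResponse(response.roles[0], 'role');
+response.roles[0].name.should.equal('Author');
+done();
+}).catch(done);
+});
+it('Author CANNOT assign any', function (done) {
+RoleAPI.browse(_.extend(context.author, {permissions: 'assign'})).then(function (response) {
+should.exist(response);
+should.exist(response.roles);
+testUtils.API.checkResponse(response, 'roles');
+response.roles.should.have.length(0);
+done();
+}).catch(done);
+});
+it('No-auth CANNOT browse', function (done) {
+RoleAPI.browse({permissions: 'assign'}).then(function () {
+done(new Error('Browse roles is not denied without authentication.'));
+}, function () {
+done();
+}).catch(done);
+});
+});
+});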
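Review bot: `_.extend(context.owner, {permissions: 'assign'})` at L115 (likewise L121, L127 and L138) mutates the shared `testUtils.context` objects in place, so every later test in the same process that passes `context.owner`, `context.admin`, `context.editor` or `context.author` silently carries `permissions: 'assign'` and may exercise the assign filter instead of a plain browse; copy into a fresh object instead: `RoleAPI.browse(_.extend({}, context.owner, {permissions: 'assign'}))`. The `checkBrowseResponse` at L59 asserts four roles by count only, whereas the assign variant at L110-L112 names them; naming them here too would make the fixture expectation explicit. The two 'No-auth CANNOT browse' cases at L93 and L146 accept any rejection, so a broken fixture or a thrown TypeError would pass as an auth denial — asserting that the rejection is the permission error would close that gap.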


@ -7,6 +7,7 @@ var url = require('url'),
expectedProperties = {
posts: ['posts', 'meta'],
users: ['users', 'meta'],
roles: ['roles'],
pagination: ['page', 'limit', 'pages', 'total', 'next', 'prev'],
post: ['id', 'uuid', 'title', 'slug', 'markdown', 'html', 'meta_title', 'meta_description',
'featured', 'image', 'status', 'language', 'created_at', 'created_by', 'updated_at',